European nations fail to develop anti-cyber attack strategies

Too many government response teams only open in office hours, finds EU security team

European countries risk becoming the victims of crippling cyber attacks because of the glacial pace at which internet security strategies are being developed, according to a new report from EU security mandarins.

The European Network and Information Security Agency (Enisa) has updated its benchmarking analysis of countries’ internet security strategies, highlighting the vastly different approaches being taken across the continent.

Most EU countries have yet to devise a formal strategy for securing their IT infrastructure, the Enisa report concluded – although the French, German and Dutch governments are leading the way.

The majority of European countries have established computer emergency response teams, charged with dealing with cyber threats to critical national infrastructure, Enisa reported. But many of these only operate in office hours, increasing the risk that colleagues in other countries will not be able to reach them in the event of an out-of-hours incident.

“Member states… need to address their security and resilience in a systemic [way] as the frontline of defence against failures and attacks,” the report stated.

The report is intended to highlight best practice across Europe, as well as provide a country-by-country breakdown detailing which agencies are responsible for different aspects of cyber security.

“Mapping the IT security position for each country provides a key source of information for the sharing of good practices with policy and decision makers,” said Udo Helmbrecht, executive director at Enisa.